VARIoT IoT vulnerabilities database
| VAR-201812-0685 | CVE-2018-20393 | Vulnerabilities in certificate and password management in multiple Technicolor products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Multiple Technicolor products contain a vulnerability related to certificate and password management. Information may be obtained and altered, and service operation may be disrupted (DoS). Technicolor CGA0111 and the other affected devices are modem products of the French Technicolor Group. A security vulnerability exists in several Technicolor products. A remote attacker could exploit this vulnerability to obtain credentials by sending SNMP requests. The following products and versions are affected: Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU version; CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC version; Version; TC7110.AR STD3.38.03 version; TC7110.B STC8.62.02 version; TC7110.D STDB.79.02 version; TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT version;
| VAR-201812-0670 | CVE-2018-20377 | Orange Livebox Vulnerable to cross-site request forgery |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: Critical |
Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. Orange Livebox contains vulnerabilities related to certificate and password management. Information may be obtained and altered, and service operation may be disrupted (DoS). Orange Livebox contains an input validation vulnerability. Information may be tampered with. The Orange Livebox is an ADSL (Asymmetric Digital Subscriber Line) modem. A security vulnerability exists in Orange Livebox version 00.96.320S. A remote attacker could exploit this vulnerability by sending a GET request to the /get_getnetworkconf.cgi URI to obtain the device's SSID and Wi-Fi password.
| VAR-201812-0686 | CVE-2018-20394 | Vulnerabilities related to certificate and password management in multiple Thomson product devices |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Thomson DWG849 STC0.01.16, DWG850-4 ST9C.05.25, DWG855 ST80.20.26, and TWG870 STB2.01.36 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Multiple Thomson product devices contain vulnerabilities related to certificate and password management. Information may be obtained and altered, and service operation may be disrupted (DoS). Thomson DWG849 and the other affected devices are all modem products. A security vulnerability exists in several Thomson products. The following products and versions are affected: Thomson DWG849 STC version 0.01.16; DWG850-4 ST9C.05.25 version; DWG855 ST80.20.26 version; TWG870 STB version 2.01.36.
| VAR-201812-0662 | CVE-2018-20369 | Barracuda Message Archiver Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module. The solution supports indexing and saving of all e-mail, and can enhance operational efficiency and enforce compliance policies. A remote attacker could exploit this vulnerability to inject malicious scripts into client web application requests.
| VAR-201905-1053 | CVE-2018-9193 | Vulnerabilities related to authorization, permissions, and access control in Fortinet FortiClient for Windows |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A researcher has disclosed several vulnerabilities against FortiClient for Windows version 6.0.5 and below, version 5.6.6; the combination of these vulnerabilities can turn into an exploit chain, which allows a user to gain system privileges on Microsoft Windows. Fortinet FortiClient for Windows contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained and altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities.
An attacker can exploit these issues to gain elevated privileges on the system. Failed exploit attempts may result in a denial-of-service condition.
Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.
| VAR-201905-1052 | CVE-2018-9191 | Vulnerabilities related to authorization, permissions, and access control in Fortinet FortiClient for Windows |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows attackers to execute unauthorized code or commands via the named pipe responsible for FortiClient updates. Fortinet FortiClient for Windows contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained and altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities.
An attacker can exploit these issues to gain elevated privileges on the system. Failed exploit attempts may result in a denial-of-service condition.
Fortinet FortiClient 6.0.4 and prior are vulnerable.
| VAR-201905-0762 | CVE-2018-13368 | Vulnerabilities related to authorization, permissions, and access control in Fortinet FortiClient for Windows |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 and earlier allows an attacker to execute unauthorized code or commands via command injection. Fortinet FortiClient for Windows contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained and altered, and service operation may be disrupted (DoS). Fortinet FortiClient is prone to multiple local privilege-escalation vulnerabilities.
An attacker can exploit these issues to gain elevated privileges on the system. Failed exploit attempts may result in a denial-of-service condition.
Fortinet FortiClient 6.0.4 and prior are vulnerable. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Permission and access control vulnerabilities exist in Fortinet FortiClient version 6.0.4 on the Windows platform. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.
| VAR-201812-0753 | CVE-2018-20342 | Floureon IP Camera SP012 Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. The Floureon IP Camera SP012 contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained and altered, and service operation may be disrupted (DoS).
| VAR-201902-0659 | CVE-2018-3990 | WIBU-SYSTEMS WibuKey.sys Buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys contains a buffer error vulnerability. Information may be obtained and altered, and service operation may be disrupted (DoS). Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition.
WibuKey versions prior to 6.50 are vulnerable.
| VAR-201902-0658 | CVE-2018-3989 | WIBU-SYSTEMS WibuKey.sys Vulnerable to information disclosure |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability. WIBU-SYSTEMS WibuKey.sys contains an information disclosure vulnerability. Information may be obtained. Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition.
WibuKey versions prior to 6.50 are vulnerable.
| VAR-201902-0660 | CVE-2018-3991 | WibuKey Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability. WibuKey contains a buffer error vulnerability. Information may be obtained and altered, and service operation may be disrupted (DoS). Wibu Systems WibuKey Digital Rights Management is prone to multiple input-validation vulnerabilities.
Attackers can exploit these issues to obtain sensitive information or to execute arbitrary code in the context of the user running the application. Failed exploit attempts may result in a denial-of-service condition.
WibuKey versions prior to 6.50 are vulnerable. Network server management is one of the network server managers.
| VAR-201812-1210 | No CVE | NA300 PLC has a logic design vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
NA300 PLC is a medium-sized programmable controller.
There is a flaw in the logic design of the NA300 PLC. An attacker can illegally read the PLC's internal logic program by constructing a specific data packet.
| VAR-201812-1203 | No CVE | NA300 PLC has unauthorized operation vulnerability (CNVD-2018-26208) |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
NA300 PLC is a medium-sized programmable controller.
The NA300 PLC has an unauthorized operation vulnerability. Attackers can use the vulnerability to remotely tamper with the system's inputs and outputs, variable values, etc.
| VAR-201812-1211 | No CVE | Weak password vulnerability in NA300 PLC |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NA300 PLC is a medium-sized programmable controller.
The NA300 PLC has a weak password vulnerability. An attacker could gain full control of the PLC through this vulnerability.
| VAR-201812-1204 | No CVE | NA300 PLC has unauthorized operation vulnerability |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
NA300 PLC is a medium-sized programmable controller.
The NA300 PLC has an unauthorized operation vulnerability. An attacker can use the vulnerability to remotely tamper with the MAIN program in the PLC.
| VAR-201812-1206 | No CVE | Asian Control Kingview has a local elevation of privilege vulnerability |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
KingView is the first industrial configuration software product launched by Beijing Yakong Technology Co., Ltd. in China.
There is a local privilege escalation vulnerability in KingView. It allows an attacker to submit a specially crafted request to execute arbitrary code in the application context. Asia Control Technology's Configuration King (KingView) has a local elevation of privilege vulnerability.
| VAR-201812-1209 | No CVE | Buffer overflow vulnerability in NA300 PLC |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NA300 PLC is a medium-sized programmable controller.
The NA300 PLC has a buffer overflow vulnerability. The vulnerability stems from et *** 's failure to properly handle functions. An attacker can overwrite the return address by constructing a variable length exceeding the variable v30.
| VAR-201812-1207 | No CVE | Delta WPLSoft has a buffer overflow vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
WPLSoft is a PLC programming tool.
Delta WPLSoft has a buffer overflow vulnerability. Attackers can construct malformed data and cause the software to crash.
| VAR-201812-1205 | No CVE | Information disclosure vulnerability in NA300 PLC |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NA300 PLC is a medium-sized programmable controller.
An information disclosure vulnerability exists in the NA300 PLC. An attacker could use the vulnerability to leak the PLC FTP service account and password.
| VAR-201812-1208 | No CVE | Command injection vulnerability in NA300 PLC |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
NA300 PLC is a medium-sized programmable controller.
A command injection vulnerability exists in the NA300 PLC. The vulnerability stems from the inability of the ehtdbg program in the system to properly handle input parameters. An attacker can bypass the check by constructing parameters, inject commands, and gain server permissions.